Is Jira HIPAA Compliant? – August 2021

Posted on 09.07.2021
Written by Jake Sullivan

Using Jira in HIPAA-compliant environments – August 2021

Summary: HIPAA compliance for Jira and Confluence Cloud is currently slated for Q2 2022. Atlassian’s Data Center products, however, provide an immediate path to hosting behind the firewall. Regardless of hosting strategy, plugin usage and permission schemes should be considered as part of your HIPAA Compliance Program.

  • Atlassian “Cloud” products may be sufficient if you will not store PHI in Jira or Confluence. We recommend implementing Data Loss Prevention tooling as a safeguard.
  • We recommend Atlassian “Data Center” products for companies that expect to handle PHI/PII in the Atlassian suite.
  • For a more in-depth review, check out our article Atlassian Cloud vs Data Center: Which is Better for Healthcare Organizations?

Interested in learning more about HIPAA compliance with Atlassian? Oxalis can help guide you through the decision-making and implementation process. Contact us below to get in touch. But is Jira HIPAA compliant? Continue reading to discover the answer.

Is Jira/Confluence Cloud HIPAA Compliant?

The short answer: No. Atlassian is unable to sign a Business Associate Agreement and instead recommends Data Center for companies that need to store PHI in the system. HIPAA compliance for Jira and Confluence Cloud is currently slated for Q2 2022.

That being said, if your teams do not intend to document PHI/PII in Jira or Confluence, this is likely a viable option. If you choose to use Atlassian Cloud, we recommend the following:

  • Leverage a Data Loss Prevention (DLP) tool to keep PHI/PII out of your system, and eliminate it if found.
  • Analyze which plugins you intend to use, and whether each third-party vendor is considered a business associate subject to a BAA.
  • Consider your options for remediating PHI/PII accidentally stored in issue data/history, pages, and attachments.

For an in-depth review, check out our article Atlassian Cloud vs Data Center: Which is Better for Healthcare Organizations?

Is Jira/Confluence Data Center HIPAA Compliant?

The short answer: HIPAA Compliance for Atlassian Data Center depends heavily on your hosting strategy.

Atlassian Data Center is an option for organizations that must store PHI/PII in Jira or Confluence, as the Jira and Confluence Data Center editions can be hosted on your own servers or through a healthcare-oriented Managed Service Provider (MSP). This is a common path for healthcare organizations as it grants greater control over the processes, policies, and controls that comprise your HIPAA compliance program.

Regardless of whether you use Atlassian’s Cloud or Data Center products, we recommend the following:

  • Ensure your infrastructure’s configuration and controls (internally hosted or managed by an MSP) are aligned with your organization’s HIPAA Compliance Program.
  • Leverage a Data Loss Prevention (DLP) tool to keep PHI/PII out of your system, and eliminate it if found.
  • Analyze which plugins you intend to use, and whether each third-party vendor is considered a business associate subject to a BAA.
  • Consider your options for remediating PHI/PII accidentally stored in issue data/history, pages, and attachments.


How Oxalis Can Help

At Oxalis, security and compliance are embedded in everything that we do. We believe that healthcare organizations no longer have to give up modern, usable, and efficient tools to remain compliant. Our team can help you understand whether Atlassian Cloud or Data Center is a better fit for your organization based on your HIPAA compliance program. Then, we can help you craft the implementation and sustainment plan to get you there.

Contact us today to set up time to chat with an expert. To learn more about how to plan a path forward with your Atlassian products, please download a copy of Oxalis’ new whitepaper, Atlassian Cloud vs Data Center: Key Considerations for Enterprise, Compliance-Heavy Organizations.

Get in touch today.

Feel free to send us a message in the form below. We’re very approachable and would like to talk more about how we can meet your needs:
